NTFS permission

We failed on backup job due to many Access Denied files.
Because there are many folders/files, it is impossible to add it one by one manually.
How can we add domain admins group to all folders/files with out affect existing NTFS security permissions?
We are using 2003R2 server in AD environment.
Thank you.
dickchanAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

wolfcamelCommented:
sounds like you may need to revisit the entire structure of your security and inheritance etc.

If you add the admin at the root you still wont have access to folders where the admin has been removed, and inheritance turned off.

0
SysExpertCommented:
Backup Admin should always have access to everything, and  you need to make sure it is set that way.

CACLS and similar may be helpful.
test carefully before implementing.

I hope this helps !
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
avisharCommented:
Use "modacl" , using this utility you can apply/remove permission of a group recursively or otherwise on a folder without affecting the existing permission.
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

avisharCommented:
If you decide to use modacl then download SuperCACLs 3.0 from Trusted Systems Services..
0
majidhajaliCommented:
Users of Backup Operators group have access to all files and folders whether they have NTFS permission on that folder/file or not. I suggest you create a user and put that user in Backup Operators group and run the backup tasks with delegation of that user.
0
ashaw2009Commented:
Firstly check what account you are using to run the backup job, then add that account to the local servers backup operators group:
Start > Run > compmgmt.msc > System Tools > Local Users and Groups > backup operators

Second check your VSS writers are stable.
Start >run> CMD > Vssadmin List Writers
Each writer should come back as Stable and No errors. If the writers are in a failed state you may need to restart the server or take further action.

Third check the Volume shadow copy service is set to start Manually and the logon account is the system account:

Start >run>services.msc>Volume Shadow Copy service
0
Krzysztof PytkoSenior Active Directory EngineerCommented:
I would recommend SubInACL from Microsoft. It is easy in use and very powerful. You can download it at
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=e8ba3e56-d8fe-4a91-93cf-ed6985e3927b&displaylang=en
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.